In 2008, Microsoft released security bulletin MS08-067,
which addressed a vulnerability that could allow remote code execution
if an affected system received a specially crafted RPC request. The bulletin
further indicated that the vulnerability could be used in
the crafting of a wormable exploit.
(Hotbots, n.d.)
This post is about botnets and
their impact on the economy. When we talk about botnets, Conficker comes to mind.
This infamous worm was discovered in 2008, and by mid-2009 there were over ten
million infected computers participating in this botnet. Conficker's logic
includes mechanisms to generate lists of new domain names on a daily basis to
seek out Internet points that the authors use for updates and for command and
control of the infected machines.
Within a few months of Conficker’s appearance, some 7 million computers became linked
into one of the largest botnets in the world (Singer, 2011).
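A defender's view of the daily domain generation described above, as an added example that is not from the original post or from any Conficker analysis: a host working through a list of generated names tends to produce many failed lookups for random-looking names, which can be counted per client in resolver logs. The log format, thresholds and sample lines are assumptions constructed for illustration.

```python
import math
from collections import Counter, defaultdict

# Constructed sample resolver log: "<client_ip> <queried_name> <rcode>".
# Names use the reserved .example TLD; none are real indicators.
SAMPLE_LOG = """\
10.0.0.5 www.example.com NOERROR
10.0.0.5 mail.example.org NOERROR
10.0.0.9 qzkxvbtwpa.example NXDOMAIN
10.0.0.9 hfjrwqzxkd.example NXDOMAIN
10.0.0.9 xvbnqtrlmw.example NXDOMAIN
10.0.0.9 pzqkjwhxvf.example NXDOMAIN
10.0.0.9 www.example.com NOERROR
10.0.0.7 exmaple.com NXDOMAIN
"""


def shannon_entropy(label):
    """Bits per character; random-looking labels score higher than words."""
    counts = Counter(label)
    return -sum(c / len(label) * math.log2(c / len(label)) for c in counts.values())


def parse(log_text):
    """Yield (client, name, rcode) tuples, skipping malformed lines."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) == 3:
            yield parts[0], parts[1].lower().rstrip("."), parts[2].upper()


def suspicious_clients(log_text, min_names=3, min_entropy=3.0, min_len=8):
    """Map each client to its failed, random-looking lookups if it has enough of them."""
    hits = defaultdict(set)
    for client, name, rcode in parse(log_text):
        labels = name.split(".")
        if rcode != "NXDOMAIN" or len(labels) < 2:
            continue
        # Simplification: treat the label left of the TLD as the registered name.
        label = labels[-2]
        if len(label) >= min_len and shannon_entropy(label) >= min_entropy:
            hits[client].add(name)
    return {c: sorted(n) for c, n in hits.items() if len(n) >= min_names}


if __name__ == "__main__":
    for client, names in suspicious_clients(SAMPLE_LOG).items():
        print(client, len(names), "failed random-looking lookups:", ", ".join(names))
```

A single mistyped name (the 10.0.0.7 line) stays below both the length and count thresholds, so only the client with repeated failures is reported.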
So what is a botnet?
Botnets are computers that have been ‘captured’ and
made to run unauthorized software, and that are part of a group controlled by
what is termed a bot herder or bot master. To understand the potential
impact of botnets, we should first review the Internet. The Internet’s
growth is unprecedented, and its impact on human progress is potentially unequalled.
The Internet has made it possible for the world to be closer and for
collaboration to take place in ways never seen before. A class can be conducted
in the United States while a student attends the live class from the comfort of their home in
Australia. The Internet has made a ‘Global village’
possible. With this fast growth, however, come challenges: innovators don’t
always have the time or resources to address potential security issues. The market
rewards and encourages low-cost, high-volume, short time-to-market products,
and the ‘norm’ sadly appears to be to go to market and ‘patch it later’.
When you look at the other side of the story, just as
the pace of innovation and adaptation on the Internet increases, so does that of the
criminals and their ‘tools of trade’. The greater the connectivity, the
faster an exploit can spread. Botnets are successful because of the
many software flaws (vulnerabilities) on Internet-connected devices, and with
the presence of botnets, Internet crime is further propagated. Now we are
heading to a time when most things are going to be connected, the Internet of
Things (IoT), which means the attack surface has just increased.
“With
the advent of high speed “always on” connections, these PCs add up to either an
enormous global threat, or a bonanza of freely retarget-able resources,
depending upon one’s point of view”
(Vixie, 2002).
As more devices are connected and less emphasis is
placed on security, these devices can be used not only to propagate attacks but
also to attack our privacy. We have Internet-connected cameras, cars that have
WiFi, and home appliances that can be accessed from the Internet, just to mention a few items. Most of these
devices are not secure by default, and it would take some effort on the end
user's part to make them a little bit more secure. Most end users do not bother
to check these settings, and the bad guys are aware of this. A simple Google
search on default passwords for WiFi cameras brings back a significant list
that can be used to attack those cameras. As mentioned previously, most
manufacturers are simply trying to break into the IoT market, and their focus
is interoperability as opposed to building secure systems. Attackers can take
advantage of this fact, and now the spread of bots is worse than it was when
Conficker first hit the Internet scene.
Conclusion
Due to the threat that botnets pose, every Internet
user should be aware of how they may be assisting in the propagation of this exploit
vector. Users should know that if their Internet-connected device is out of
date and/or running unpatched software, it may get infected and
may be used to participate in illegal activity like DDoS attacks, spam delivery
or even identity theft.
References:
Singer, P. W. (2011, October 21). Mark Bowden’s “Worm: The First Digital World War”. Retrieved February 7, 2016, from https://www.washingtonpost.com/entertainment/books/mark-bowdens-worm-the-first-digital-world-war/2011/08/30/gIQAwcKO4L_story.html
Microsoft Security Bulletin MS08-067 - Critical. (2008, October 23). Retrieved February 7, 2016, from https://technet.microsoft.com/library/security/ms08-067
Vixie, P. (2002, October 17). Securing the Edge. Retrieved February 7, 2016, from https://archive.icann.org/en/committees/security/sac004.txt
hotbots [Photograph]. (n.d.). Retrieved from https://www.usenix.org/legacy/event/hotbots07/tech/full_papers/wang/wang_html/figure1.png